會員登入
Less common on low-end KEC APs, but supported on the USG series. This provides port-based authentication before IP assignment.
Switching from passwords to certificates demands client configuration changes (e.g., setting 802.1X profiles, installing root CA certificates). Onboarding Bring-Your-Own-Device (BYOD) users is particularly challenging because the organization cannot force-install certificates on personal phones without an MDM. Kec Internet Authentication
Large corporations deploy KEC (via EAP-TLS) on their wired and wireless networks. When an employee plugs their laptop into an office Ethernet jack, the switch remains locked until the laptop presents a valid machine certificate. Unauthorized devices—even if they have the correct MAC address—cannot gain access. Less common on low-end KEC APs, but supported
The most common in hospitality. The administrator prints vouchers with unique codes. When a user enters the code, the KEC checks it against a pre-generated list. Unauthorized devices—even if they have the correct MAC
"Reliable for basic access, but lacks modern flexibility"
Kec Internet Authentication serves its primary purpose well: managing user access to a shared internet connection in an institutional or public setting. If you’ve ever logged into a campus Wi-Fi portal that asks for a student ID or registration number, you’ve likely encountered Kec’s system.
KEC provides a highly cost-effective, manageable solution for captive portal and RADIUS-based authentication. It is not designed for high-security government networks (for that, use 802.1X with EAP-TLS). However, for public access, MDU (Multi-Dwelling Unit) internet, and hospitality, KEC offers an excellent balance of features and simplicity.